Vulnerability Name:

CVE-2002-2261 (CCN-10775)

Assigned: 2002-12-03
Published: 2002-12-03
Updated: 2017-10-11
Summary: Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
Source: CCN
Type: SGI Security Advisory 20030101-01-P
Multiple Vulnerabilities in Sendmail

Source: SGI
Type: UNKNOWN
20030101-01-P

Source: MITRE
Type: CNA
CVE-2002-2261

Source: CCN
Type: HP Security Bulletin HPSBUX02495 SSRT090151 rev.1
HP-UX Running sendmail, Remote Denial of Service (DoS)

Source: CCN
Type: SA7826
IRIX updates to sendmail

Source: SECUNIA
Type: Vendor Advisory
7826

Source: CCN
Type: SECTRACK ID: 1005748
Sendmail `check_relay` E-mail Access Control Features Can Be Bypassed By Remote Users

Source: SECTRACK
Type: Patch
1005748

Source: CCN
Type: CIAC Information Bulletin N-030
Sendmail Restricted Shell (smrsh) and Check_Relay Vulnerabilities

Source: CCN
Type: OSVDB ID: 60140
Sendmail Spoofed DNS Hostname check_relay Function Bypass

Source: BID
Type: Patch
6548

Source: CCN
Type: BID-6548
Sendmail check_relay Access Bypassing Vulnerability

Source: CCN
Type: Sendmail Consortium Web site
Sendmail 8.12.7

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.sendmail.org/8.12.7.html

Source: VUPEN
Type: Vendor Advisory
ADV-2009-3539

Source: XF
Type: UNKNOWN
sendmail-check-relay-bypass(10775)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6892

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8512

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:6892 | V | HP-UX Running sendmail, Remote Denial of Service (DoS) | 2014-03-24
    oval:org.mitre.oval:def:8512 | V | HP-UX Running sendmail, Remote Denial of Service (DoS) | 2014-03-24
    sendmail sendmail 8.9.0
    sendmail sendmail 8.9.1
    sendmail sendmail 8.9.2
    sendmail sendmail 8.9.3
    sendmail sendmail 8.10
    sendmail sendmail 8.10.0
    sendmail sendmail 8.10.1
    sendmail sendmail 8.10.2
    sendmail sendmail 8.11.0
    sendmail sendmail 8.11.1
    sendmail sendmail 8.11.2
    sendmail sendmail 8.11.3
    sendmail sendmail 8.11.4
    sendmail sendmail 8.11.5
    sendmail sendmail 8.11.6
    sendmail sendmail 8.11.7
    sendmail sendmail 8.12 beta10
    sendmail sendmail 8.12 beta12
    sendmail sendmail 8.12 beta16
    sendmail sendmail 8.12 beta5
    sendmail sendmail 8.12 beta7
    sendmail sendmail 8.12.0
    sendmail sendmail 8.12.1
    sendmail sendmail 8.12.2
    sendmail sendmail 8.12.3
    sendmail sendmail 8.12.4
    sendmail sendmail 8.12.5
    sendmail sendmail 8.12.6
    sendmail sendmail 8.12.0
    sendmail sendmail 8.12.6
    sendmail sendmail 8.11.1
    sendmail sendmail 8.9.3
    sendmail sendmail 8.12.1
    sendmail sendmail 8.12.2
    sendmail sendmail 8.12.3
    sendmail sendmail 8.12.4
    sendmail sendmail 8.12.5
    sendmail sendmail 8.12 beta7
    sendmail sendmail 8.12 beta5
    sendmail sendmail 8.12 beta16
    sendmail sendmail 8.12 beta12
    sendmail sendmail 8.12 beta10
    sendmail sendmail 8.11.7
    sendmail sendmail 8.11.6
    sendmail sendmail 8.11.5
    sendmail sendmail 8.11.4
    sendmail sendmail 8.11.3
    sendmail sendmail 8.11.2
    sendmail sendmail 8.10.2
    sendmail sendmail 8.10.1
    sendmail sendmail 8.9.2
    sendmail sendmail 8.9.1
    sendmail sendmail 8.9.0
    sendmail sendmail 8.10
    hp hp-ux b.11.11
    hp hp-ux b.11.23